On Fri, Mar 22, 2019 at 2:45 PM alcinos <french.ebook.lo...@gmail.com> wrote: > > > > Le ven. 22 mars 2019 à 14:40, Tomaz Canabrava <tcanabr...@kde.org> a écrit : >> >> On Fri, Mar 22, 2019 at 2:31 PM alcinos <french.ebook.lo...@gmail.com> wrote: >> > >> > Is there a way to somehow configure the build process? Their automatic >> > dependency pulling is getting an outdated version of Melt, and it breaks >> > the build for us in Kdenlive... >> >> Yes, you can define a yaml file for it in the root dir, like krita did here: >> https://github.com/KDE/krita/blob/master/.lgtm.yml > > > It seems that they only give a package list? I don't think it would help in > our case, the root cause of the issue being that the Mlt package is outdated > in the repo of whatever distrib they use to build...
true, but we can get in contact with them to resolve. I'm opening a request for that. > >> >> > Le ven. 22 mars 2019 à 07:43, Tomaz Canabrava <tcanabr...@kde.org> a écrit >> > : >> >> >> >> On Thu, Mar 21, 2019 at 9:27 PM Albert Astals Cid <aa...@kde.org> wrote: >> >> > >> >> > El dijous, 21 de març de 2019, a les 20:31:34 CET, Tomaz Canabrava va >> >> > escriure: >> >> > > Em qui, 21 de mar de 2019 às 19:48, Albert Astals Cid <aa...@kde.org> >> >> > > escreveu: >> >> > > >> >> > > > El dijous, 21 de març de 2019, a les 10:04:29 CET, Tomaz Canabrava >> >> > > > va >> >> > > > escriure: >> >> > > > > Hello kdevelopers, >> >> > > > > >> >> > > > > I'v come to know the lgtm.com this week and started to enjoy it >> >> > > > > quite >> >> > > > > a bit. It provides code analisys for various languages like c/c++ >> >> > > > > / >> >> > > > > java / javascript / python, transforming code to data and >> >> > > > > extracting >> >> > > > > information using a QL Schema + Deep learning. >> >> > > > > >> >> > > > > It's opensource >> >> > > > >> >> > > > Is it? I can't seem to find the code. >> >> > > > >> >> > > > > , and *already* runs thru all the kde codebase because >> >> > > > > our code has a mirror on github (but it also supports gitlab, >> >> > > > > bitbucket). Some of the code from kde can't be analized yet >> >> > > > > because of >> >> > > > > unmatched dependencies, but here's an example of a software we all >> >> > > > > know and love, being analized by their tools. >> >> > > > > >> >> > > > > https://lgtm.com/projects/g/KDAB/GammaRay/alerts/?mode=list >> >> > > > > >> >> > > > > I belive we should get in contact with them and ask for a ~formal~ >> >> > > > > partnership and integrate this into our phab / gitlab instances. >> >> > > > >> >> > > > I'm a bit hesitant about it's quality. >> >> > > > >> >> > > > It complains about >> >> > > > https://lgtm.com/projects/g/KDAB/GammaRay/snapshot/c9979de8f1206e13596392237af218cd35adc139/files/plugins/sceneinspector/paintanalyzerextension.cpp#x6a2cbfa5e54b631a:1 >> >> > > > If you read the description it'd seem it's a memory leak. >> >> > > > That's because it doesn't understand QObject ownership and >> >> > > > that >> >> > > > deleting a parent will delete its children. >> >> > > > >> >> > > > It says this is an error >> >> > > > https://lgtm.com/projects/g/KDE/okular/snapshot/9755abc39706567915f1d1b757b70e2a0f8e3f3a/files/core/synctex/synctex_parser_utils.c#x6d7e052c9ef1e80:1 >> >> > > > It's not, i'll agree it's not very common to do this >> >> > > > comparison, >> >> > > > but it's valid code >> >> > > > >> >> > > > It says this is a noop >> >> > > > https://lgtm.com/projects/g/KDE/okular/snapshot/9755abc39706567915f1d1b757b70e2a0f8e3f3a/files/autotests/parttest.cpp?sort=name&dir=ASC&mode=heatmap#x9525a92bb944ee97:1 >> >> > > > It's not, qRegisterMetaType does things >> >> > > > >> >> > > > So I'm happy that those results are out there, but given the amount >> >> > > > of >> >> > > > false/questionable positives i found in 5 minutes of looking at it, >> >> > > > I'd be >> >> > > > very careful of giving it to "the general population", that may just >> >> > > > propose changes because a tool told them to. >> >> > > > >> >> > > > Cheers, >> >> > > > Albert >> >> > > > >> >> > > >> >> > > They are already working in two of the bugs that you described - >> >> > > reported >> >> > > by the subsurface team. >> >> > > >> >> > > The source for parts of the tools are here: >> >> > > >> >> > > https://github.com/Semmle/ql >> >> > > >> >> > > And of course as any tool that is starting there will be errors. >> >> > >> >> > Sure, i never said it's useless, in fact it did find some mismatched >> >> > free/delete/delete[] calls in both okular and poppler. >> >> > >> >> > I just want to make sure we don't tell people "these are bugs, go fix >> >> > them", because then people will take the tool at 100% correct rate >> >> > value, when it's not that kind of tool. >> >> >> >> I opened bug reports to them: >> >> >> >> https://github.com/Semmle/ql/issues/1153 >> >> this one I'm not convinced yet. >> >> >> >> https://github.com/Semmle/ql/issues/1154 >> >> this one it seems that it was not false positive. >> >> >> >> :) >> >> >> >> > Cheers, >> >> > Albert >> >> > >> >> > > >> >> > > >> >> > > > >> >> > > > > >> >> > > > > Tomaz >> >> > > > > >> >> > > > >> >> > > > >> >> > > > >> >> > > > >> >> > > > >> >> > > >> >> > >> >> > >> >> > >> >> >
